Re: Connecting website with SQL-database.....

From: Lincoln Yeoh
Subject: Re: Connecting website with SQL-database.....
Date:
Msg-id: 3.0.5.32.20000420083146.008c5100@pop.mecomb.po.my
In reply to: Connecting website with SQL-database.....  ("J.Post" <J.Post@dtx.nl>)
List: pgsql-general
At 04:26 PM 17-04-2000 +0200, J.Post wrote:
>I've been looking on the internet for 2 hours for information how to connect
>my SQL database to my website. I didn't find what I was looking for, this is
>my problem............
>I have got a form on my site, that can be filled in by visitors. I want the
>results automatically being written in my sql database, does anybody know
>how to do this???

Yep. Many ways to do it. Which programming language are you familiar with?

Options:
PHP, Perl, Python, Tcl, C++, etc.

I personally use Perl because of the great modules for CGI and database:
CGI, DBI (DBD) etc.

The database module allows easy non-database-specific quoting of data, so
that people cannot try to be naughty and execute their SQL statements on
your database.

Not filtering stuff properly before passing it to the database engine is a
very common problem.

In this year alone I've already encountered a number of sites where this is
possible. For one site I could log in as anyone (actually could do more,
but I left it at that ;) ), another see more records than supposed to, so
on and so forth. For an internally developed site I was able to update
everybody's password.  Naturally I reported the problems to the site owners
who were rather grateful.

Filter inputs to suit your main program before it hits your main program,
then have various filters for your program outputs to databases, HTML, etc.

There are other things you should do as well, but this is one of the main
things.

Cheerio,
Link.
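
The layering described in the message above (filter the input first, then a separate filter for each output: database and HTML), as an added example that is not part of the original message. It assumes DBD::SQLite is installed so it runs without a server; the guestbook table and the helper names clean_field, save_entry and html_escape are hypothetical.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite in-memory database so the script runs offline.
# For PostgreSQL only the DSN changes, e.g. "dbi:Pg:dbname=yourdb".
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "", { RaiseError => 1 });
$dbh->do("CREATE TABLE guestbook (name TEXT NOT NULL, comment TEXT NOT NULL)");

# Input filter: accept only what the program expects, reject everything else.
sub clean_field {
    my ($value, $max_len) = @_;
    return unless defined $value;
    $value =~ s/^\s+|\s+$//g;                      # trim surrounding whitespace
    return if $value eq '' or length($value) > $max_len;
    return if $value =~ /[\x00-\x08\x0b\x0c\x0e-\x1f]/;   # control characters
    return $value;
}

# Database output filter: placeholders keep the data out of the SQL text.
sub save_entry {
    my ($name, $comment) = @_;
    my $sth = $dbh->prepare("INSERT INTO guestbook (name, comment) VALUES (?, ?)");
    return $sth->execute($name, $comment);
}

# HTML output filter: escape the characters that are markup in HTML.
sub html_escape {
    my ($text) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$ent{$1}/g;
    return $text;
}

# Constructed form submission; in a CGI script the values come from param().
my %form = (name => "O'Brien", comment => "It's <b>great</b>'); DROP TABLE guestbook; --");

my $name    = clean_field($form{name}, 64);
my $comment = clean_field($form{comment}, 500);
die "invalid form input\n" unless defined $name and defined $comment;
save_entry($name, $comment);

# quote() is the other DBI route, for a value that must go into the SQL text.
print "quoted name: ", $dbh->quote($name), "\n";

my ($count)  = $dbh->selectrow_array("SELECT COUNT(*) FROM guestbook");
my ($stored) = $dbh->selectrow_array(
    "SELECT comment FROM guestbook WHERE name = ?", undef, $name);
print "rows: $count\n<p>", html_escape($stored), "</p>\n";
```

The comment is stored exactly as submitted because it travels as a bound value, and it is only escaped at the point where it is written into HTML.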

